Project Ideas

This page lists a few ideas for course projects. You are not
limited to projects on this list; any topic that is relevant to
this course may be proposed. This list is meant to get you started
thinking about interesting projects.

Services like eBay depend on tracking a history of individual
behavior. (See http://www.advogato.com/trust-metric.html for a more
substantial attempt.) Involvement in a number of good transactions
enhances one's reputation, and the threat of bad feedback motivates
people to behave well. Describe potential attacks on eBay's
reputation. Design (and optionally implement) a more secure
reputation service.

Security User Interface

How can reference monitors present security violations to users in a
way they understand? (And not pop up so many false alarms that users
learn to reflexively ignore warnings?)

Event Tickets

Design a system where customers can purchase and print out their own
movie ticket.

Audio Authentication

Can we do challenge-response authentication using audio? (Would this be
useful?)

File Sharing

How can file sharing services protect copyrights? What are the security
issues involved in Napster and its successors?

Secure Internet Gambling

Analyze the trust issues for a gambling application. Design and
implement a scheme for secure gambling on the Internet. Your scheme
should be more secure than ASF Software's.

Health Care Issues

Consider security issues in health care - for example: Can genetic tests
be done in a way that ensures privacy? Can medical records be stored in
a way that provides access to health care professionals in a secure way?

Intellectual Property Protection

How can content providers collect payments?

Privacy

Web Cookies

Low-Tech Cipher

Design and analyze a cipher that can be encrypted and decrypted using
readily available devices. (For inspiration, see Bruce Schneier's Solitaire
encryption algorithm.)

Assessment

Conduct a security assessment of an existing or proposed system. Your
analysis should include a description of vulnerabilities and potential
attacks. Before actually attempting to attack a system, you must
get permission (either from me, or the system operators).